Medibank has kept the results of an external review into a significant cyber attack private due to concerns over security. The hack, which occurred in October 2022, resulted in the release of private information relating to around 10 million of the company’s customers onto the dark web. In response, consultancy firm Deloitte was hired to examine the incident and provide suggestions for how Medibank’s IT systems and processes might be improved. Medibank has confirmed that the review has been completed and that all recommendations will be put into practice, but it has not released any further information about the contents of the review. A Medibank spokesperson has said that the review contains confidential and sensitive material on cybersecurity measures, so it will not be made public. The firm’s customers and shareholders have both filed lawsuits against the company in the wake of the hack.